Ransomware attackers assume control of sensitive business data and then threaten to publish it onto the dark web if their ransom price is not paid. Published sensitive data is particularly dangerous on the dark web, given the criminal community that operates on the network.
The ransomware group LockBit has claimed responsibility for the attack. After Kopter refused to comply with their demands, LockBit published some of the breached data onto its blog on the dark web.
The published data included business documents, details of internal projects, and various defense industry standards.
LockBit was launched in September 2019 and operates on a Ransomware-as-a-service (RaaS) model. Criminal affiliates distribute the ransomware for a percentage of the ransom price.
The affiliate business model is the most effective method for scaling any solution. With an average ransomware payout of US $178,000, RaaS Affiliates have an avaricious motivation to rapidly multiply ransomware victims.